Commit 0a54a05e authored by Suzanne Selhorn's avatar Suzanne Selhorn

Merge branch 'russell/improve-coverage-fuzzing-docs-2' into 'master'

Add description of fuzz testing steps

See merge request gitlab-org/gitlab!70568
parents a3b04963 f62bf951
......@@ -16,6 +16,18 @@ We recommend that you use fuzz testing in addition to the other security scanner
and your own test processes. If you're using [GitLab CI/CD](../../../ci/index.md),
you can run your coverage-guided fuzz tests as part your CI/CD workflow.
## Coverage-guided fuzz testing process
The fuzz testing process:
1. Compiles the target application.
1. Runs the instrumented application, using the `gitlab-cov-fuzz` tool.
1. Parses and analyzes the exception information output by the fuzzer.
1. Downloads the [corpus](../terminology/index.md#corpus) and crash events from previous pipelines.
1. Outputs the parsed crash events and data to the `gl-coverage-fuzzing-report.json` file.
The results of the coverage-guided fuzz testing are available in the CI/CD pipeline.
## Supported fuzzing engines and languages
GitLab supports these languages through the fuzzing engine listed for each. We currently provide a
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment